Re: Non-trusted to trusted system

The trusted system mode is deprecated, and HP is preparing to remove it in the next major version of HP-UX (= whatever comes after 11.31). In 11.31 and 11.23, there is also an option to use shadow passwords, like on many other brands of Unix. You can get shadow passwords on 11.11 too, but it requires installing a free optional package first:

You can switch to trusted system mode while users are logged in. However, you should inform your users in advance.

If someone is using a password that is longer than 8 characters in non-trusted mode, only the first 8 characters is actually stored, and the rest is ignored. In non-trusted mode, this applies to password checking too, so the users can type more than 8 characters and have their passwords "just work".

But when you switch to trusted system mode, the password algorithms will use those extra characters too. After the switch, each stored password hash will contain information on the first 8 password characters only. If an user has accustomed to typing 9 or more characters in the password prompt, the hash of the typed longer password will not match the stored hash of the first 8 characters, and the password check will fail.

So, the advice you need to give your users is: "If your password is not working after conversion to trusted mode, and it contains more than 8 characters, log in by typing just the first 8 characters, then use the "passwd" command to change your password. Once you have changed your password after conversion to trusted mode, the system will remember and check all the password characters, not just the first 8."

Trusted system is also already affected by one y2k38 issue, which you should be aware of:

From the above link... Most of the features of trusted mode are also available through following security extensions

HP-UX 11i Security ContainmentHP-UX 11i Security Containment includes all the functionality of HP-UX Standard Mode Security Extensions as well as several new security features for HP-UX 11i version 2 systems.For more information, and to download HP-UX 11i Security Containment, go to Software Depot and search for HP-UX 11i Security Containment.